aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2013-11-12 15:47:05 -0800
committerfriendica <info@friendica.com>2013-11-12 15:47:05 -0800
commitac7292489c0eeb981fd04cf5c194fc76f473c130 (patch)
tree73f2c2903a9ccffcf00bee9c91b99eee84eaab79
parent8eaab0642fcddcce86b618913af56a86d6014665 (diff)
parent2f68d1d1add99878825d1dfc242ac0caa165cb5d (diff)
downloadvolse-hubzilla-ac7292489c0eeb981fd04cf5c194fc76f473c130.tar.gz
volse-hubzilla-ac7292489c0eeb981fd04cf5c194fc76f473c130.tar.bz2
volse-hubzilla-ac7292489c0eeb981fd04cf5c194fc76f473c130.zip
Merge https://github.com/friendica/red into zpull
-rw-r--r--doc/install/sample-nginx.conf16
-rw-r--r--include/dir_fns.php2
2 files changed, 14 insertions, 4 deletions
diff --git a/doc/install/sample-nginx.conf b/doc/install/sample-nginx.conf
index 57a0e63b5..396e39fb8 100644
--- a/doc/install/sample-nginx.conf
+++ b/doc/install/sample-nginx.conf
@@ -85,7 +85,7 @@ server {
# otherwise fall back to front controller
# allow browser to cache them
# added .htm for advanced source code editor library
- location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|svg)$ {
+ location ~* \.(jpg|jpeg|gif|png|ico|css|js|htm|html|ttf|woff|svg)$ {
expires 30d;
try_files $uri /index.php?q=$uri&$args;
}
@@ -98,16 +98,26 @@ server {
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
# or a unix socket
location ~* \.php$ {
- fastcgi_split_path_info ^(.+\.php)(/.+)$;
+ # Zero-day exploit defense.
+ # http://forum.nginx.org/read.php?2,88845,page=3
+ # Won't work properly (404 error) if the file is not stored on this
+ # server, which is entirely possible with php-fpm/php-fcgi.
+ # Comment the 'try_files' line out if you set up php-fpm/php-fcgi on
+ # another machine. And then cross your fingers that you won't get hacked.
+ try_files $uri =404;
+
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+ fastcgi_split_path_info ^(.+\.php)(/.+)$;
# With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
- fastcgi_index index.php;
+
include fastcgi_params;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# deny access to all dot files
diff --git a/include/dir_fns.php b/include/dir_fns.php
index fef58428f..0c9a6bd9f 100644
--- a/include/dir_fns.php
+++ b/include/dir_fns.php
@@ -20,7 +20,7 @@ function dir_sort_links() {
return $o;
}
-function dir_safe_mode(&$a) {
+function dir_safe_mode() {
$observer = get_observer_hash();
if ($observer)